显然 -如果我错了 ,请纠正我 - 要正确使用 Google API/授权,您需要指定以“@developer.gserviceaccount.com”结尾的服务帐户电子邮件。
但是,此帐户将无权访问我想要添加/列出/删除用户的域。我认为这是我的“未授权”请求的原因。
您如何将此帐户权限授予要影响更改的域?或者 - 我应该在授权期间列出不同的帐户吗?如果是这样,我该怎么做 - 因为当我指定一个具有权限的域帐户时,我得到“invalid_grant”。
任何帮助,将不胜感激。谢谢。
这是代码:
String szDomainName = "testdomainname.com";
String szServiceAccount = "google_generated_user@developer.gserviceaccount.com";
var certificate = new X509Certificate2(@"Google_Key.p12", "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential.Initializer ServiceAccountCredentialInitializer = new ServiceAccountCredential.Initializer(szServiceAccount);
ServiceAccountCredentialInitializer.FromCertificate(certificate);
ServiceAccountCredentialInitializer.Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser };
ServiceAccountCredential credential = new ServiceAccountCredential(ServiceAccountCredentialInitializer);
// Create the service.
BaseClientService.Initializer ServiceInitializer = new BaseClientService.Initializer();
ServiceInitializer.HttpClientInitializer = credential;
ServiceInitializer.ApplicationName = "List Users";
var service = new DirectoryService(ServiceInitializer);
var listReq = service.Users.List();
listReq.Domain = szDomainName;